HIPAA Training Requirements

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a bill enacted by the U.S. Congress and signed by President Bill Clinton in 1996. Its aim is to protect health information from being readily available to parties that are not required to be privy to it, and to protect people from abuse and fraud. People who work in the health professions or are involved in some way with health information are required to go through HIPAA training. Doctors, nurses, medical secretaries, transcriptionists, Human Resources personnel, and even people who do not get to see medical information but work for a company that has personnel who do, such as in call centers, are required to be HIPAA certified.

HIPAA has several provisions, but two are considered HIPAA training requirements. The first is the provision on Privacy (section 164.518). People who are required to train for this provision are those who are likely to come across protected and identifiable health information, such as employees, trainees and people who work with the people who are under the organization but are not necessarily business partners. Business partners' employees who happen to have access are required to have safeguards in place, but not all portions of a business partner's workforce are required to train for the privacy provision. The training must cover policies and procedures about protected health information. Training must be complete by the date that is stipulated as the effective date of the regulations, while new employees must be trained as soon as possible. The span of time between recertifications varies; some require it every year while others do so after as much as three years.

The second HIPAA training requirement is the provision on Security and Electronic Signatures (section 142.308(12)), which deals with security and vulnerabilities of the health information that a person possesses and what has to be done to ensure the protection of that information. Personnel are to be made aware of the scenarios that revolve around security and of their responsibility to protect the information. This HIPAA training requirement is implemented via regular training or reminders, such as email alerts on computer viruses, account and password management, and how to identify potential breaches in security. This requirement involves an organization's IT department as well as the cooperation of the users who access the organization's systems as part of their job.
